3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem."

Transcription

1 Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot Target Neiman Marcus Healthcare.gov P.F. Chang s Community Health Services 1

2 Staggering Numbers Cyber crime has been estimated to cost the global economy between $400 - $575 billion each year At an estimated $100 billion, the U.S. takes largest hit The number of U.S. data breach incidents tracked since 2005 exceeded 5,000 reported data breach incidents, involving more than 675 million estimated records Only a small number of incidences are reported Reported Breaches on the Rise In 2014, the number of U.S. data breaches hit a record high of 783 Significant increase of 18.3 percent over the previous high of 662 breaches tracked in 2010 This represents a substantial hike of 27.5 percent over the number of breaches reported in 2013 Data records were lost or stolen at an alarming rate Average of 15 breaches per week in Impact on Organizations by Category Banking/Credit Financial 43 breaches Business (retail, hospitality and tourism, professional, trade, transportation, utilities, etc.) 258 breaches Educational 57 breaches Government/Military 92 breaches Medical/Healthcare 333 breaches 2

3 Impact on Public Companies In 2014, there were numerous incidents that affected public companies Ebay million accounts Home Depot 56 million accounts Shoppers who used credit and debit cards at its more than 2,000 U.S. and Canadian stores J.P. Morgan Chase 76 million households affected 2/3 of U.S. households Target estimated 110 million accounts Cost of a Data Breach Average cost to a company in 2014 was $3.5 million 15 percent more than what it cost in 2013 For each breached record, the businesses spent an average of $201 The cost per compromised record is higher at U.S. companies than those in other countries Closer to Home Not just affecting large national companies Bashas Sprouts Maricopa County Community Colleges 3

4 Types of Data and Entities at Risk Individuals Identity theft Banking and credit card information accessed Private or embarrassing info / photos Businesses Customer data System compromise Customer Data Mirrors the type of information vulnerable for an individual: Data that can harm your customer directly, e.g., credit card and bank account information Data that can harm make your customer more vulnerable to ID theft, e.g., social security numbers, DOB, etc., much of which is the subject of privacy regulations System Compromise Vandalism to websites Theft of company data, e.g., trade secrets System crashes DDoS Resulting reputational damage 4

5 Regulatory Requirements Overview of Privacy and Security Laws and Regulations No single comprehensive federal law Patchwork of Federal and state laws Regulations Government and industry group guidelines and best practices Additional Considerations Executive Order on Improving Critical Infrastructure Cybersecurity State requirements A myriad of privacy and breach notification laws 5

6 Additional Considerations (continued) Industry standards / best practices Are best practices / industry guidelines really voluntary? Insurance companies Plaintiffs lawyers FTC Act Prohibits unfair and deceptive acts or practices Failure to protect personal data Changing privacy policy without adequate notice Failure to comply pywith posted privacy ypolicy Ask yourself For what purpose will data be used? Do you have permission for that use? Gramm Leach Bliley Regulates collection, use and disclosure of financial information Financial Institutions 6

7 SEC Disclose material risks, vulnerabilities, and incidents Insufficient disclosures Using boilerplate language HIPAA Regulates medical information Can apply broadly to health care providers, data processors, pharmacies and other entities that come in contact with medical information Guidelines on how to de-identify data Common Threads in Privacy and Security Regulations Confidentiality Integrity Availability Informed Choice 7

8 Preparing for the Breach Conduct An Audit / Be Proactive Inventory your data How was it collected Do you have consents Appropriate and timely consents Where is it stored Keep only what you need Security measures Third party access / sharing with third parties Availability of internal and external resources Insurance What are the risks? First party damage vs. third-party liability Direct damages Breach detection Breach response System restoration Class-Action suits and claims for punitive damages Shareholder suits Regulatory fines Business disruption Reputational damage Lost business 8

9 Insurance (continued) Aren t these risks already covered under my CGL, D&O, or property policy? Answer: Probably not. If so, coverage will be limited. Insurers are writing-in express exclusions for these types of losses and liabilities. Insurance (continued) Types of cyber-specific products Commercial crime Cyber crime Service bureau operations Data breach coverage (1st party and 3rd party) Cyber extortion Individual identity theft protection Insurance vs. Security What Should You Do? 9

10 Before a Data Breach Occurs Perform a privacy & security assessment Review and assess network security policies and procedures Develop a written Incident Response Plan Establish critical vendor relationships Review / revise record retention policies Review contracts with business partners Train employees Privacy notices Review insurance coverage Policies and Procedures Relative to Data Security Typical polices to have in place: Privacy Policies Identity Theft Prevention Policies Record Retention Policies Network Security Policies Train employees and staff Policies are of no assistance if no one knows of them to knows what they require Digital Safeguards in a Digital Environment Trade secret law requires reasonable measures Adapt practices to take new technologies into account Tools: electronically yprogrammable access cards, computer firewalls, frequent changes and multiple levels of passwords, digital watermarks and secure intranets Countermeasures: spoofing, phishing, and dusting 10

11 Digital Safeguards in a Digital Environment (continued) Use secure intranet or password-protected FTP server for frequent information exchanges with trusted business partners Failure to use commonplace security measures included in mass-market software applications may constitute failure to take reasonable measures to protect trade secrets Before disclosing your confidential information, consider using a due diligence questionnaire to inquire about the disclosee s own use of digital security measures Physical Security Proliferation of personal devices for generating, recording, storing and transmitting digital data Cameras in cell phones, USB drives and mp3 players Restrict personal devices in highly secure areas on company property Beware stealth selfies Monitor and restrict the amount of data employees can transfer using company servers Physical Security (continued) Reconfigure or eliminate USB ports except on designated company computers Reasonable measures may require privacy screens for traveling employees U.S. Customs can seize travelers laptops without probable cause (U.S. v Arnold, 523 F.3d 941 (9 th Cir. 2008) Replace fully loaded hard drives with a clean hard drive or authorized USB drive for a specific business trip 11

12 Cultural Security Courts cite the use of training programs (e.g., threat awareness, safe blogging) as evidence of reasonable precautions Avoid using a fixed period of time (e.g., two years ) when limiting disclosure in NDA s Company had not taken reasonable measures to maintain secrecy by requiring distributors and customers to keep schematic and programming information confidential for 2 or 3 years. Silicon Image, Inc. v. Analogix Semiconductor, Inc (N.D. Cal. 2008) Departing IT administrators and security staff pose special risks Best Practices Reasonable measures may include System Monitoring Tools Best Practices (continued) Present Web Interface/Dashboard to IT and beyond Consider configuring critical alarms to trigger cybersecurity alert Proactive ethical hacking for penetration testing, intrusion testing and red teaming Wholesale delegation of cybersecurity to IT personnel may not be appropriate 12

13 Other Non-Data Breach Concerns Due diligence in M & A / other transactions Cybersecurity is a critical component of due diligence which must be examined / investigated When you buy a company, you are buying its data and any associated security issues After a Breach Incident response checklist Mobilize necessary personnel Legal / Breach Response Coach IT Forensics Communications / PR Containment and analysis Stop the bleeding Secure the network Preserve evidence Identify the source and scope of the attack After a Breach (continued) Incident response checklist (cont d) Notification Evaluate breach notification laws Coordinate with law enforcement / regulators Develop corporate communication / PR strategy Eradication and prevention Post clean up review Remediate security gap Revise policies and procedures Litigation defense 13

14 Additional Resources National Institute of Standards and Technology (NIST) Publications, e.g. Computer Security Incident Handling Guide Experian s Data Breach Response Guide Debix Data Breach Response Workbook DOJ Incident Response Procedures for Data Breaches Questions? 14

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Data Security: Risks, Compliance and How to be Prepared for a Breach

Data Security: Risks, Compliance and How to be Prepared for a Breach Data Security: Risks, Compliance and How to be Prepared for a Breach Presented by: Sandy B. Garfinkel, Esq. The Data Breach Reality: 2015 AshleyMadison.com (July 2015) Member site facilitating personal

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Cyber Insurance Presentation

Cyber Insurance Presentation Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance

More information

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015 CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson

More information

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Cyber Exposures Joan D Ambrosio Reported data breaches continue

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

Cybersecurity: Emerging Legal Risks

Cybersecurity: Emerging Legal Risks Cybersecurity: Emerging Legal Risks Data Breach Cyber Liability Seminar April 17, 2015 By: Tsutomu L. Johnson tj@scmlaw.com Overview of 2014 Data Breaches: JP Morgan, Home Depot, P.F. Chang s, Healthcare.gov,

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Cyber and CGL Insurance Coverage for Data Breach Claims

Cyber and CGL Insurance Coverage for Data Breach Claims Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage 2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage Chris Reese Vice President, Director of Underwriting Connie Rivas Asst. Vice President, Contracts and

More information

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Jefferson Glassie, FASAE Whiteford, Taylor & Preston Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements

More information

Cyber Security: Emerging Risks and Trends (and what you can do about it)

Cyber Security: Emerging Risks and Trends (and what you can do about it) Cyber Security: Emerging Risks and Trends (and what you can do about it) UVU Business and Economic Forum May 19, 2016 Presented by: Daniel D. Hill, Esq. Christopher Droubay, Esq. Risks and Trends Widely

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

By Daniel E. Frank and Don Borelli

By Daniel E. Frank and Don Borelli 30-SECOND SUMMARY As intelligent, interconnected devices become more widely available and increasingly host high-value information like a hospital patient s medical records the intrusion points for cyber

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium

DNA of Cybersecurity Risks. Credit Union Executive Leadership Symposium DNA of Risks Credit Union Executive Leadership Symposium CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2016 CUNA Mutual Group, All Rights Reserved. What s in store for

More information

Hot Topics and Trends in Cyber Security and Privacy

Hot Topics and Trends in Cyber Security and Privacy Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Cybersecurity: The Legal, Legislative and Regulatory Outlook

Cybersecurity: The Legal, Legislative and Regulatory Outlook Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct

More information

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Mission of Pro Bono Partnership of Atlanta: To maximize the impact of pro bono engagement by connecting

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS Data Law Group, P.C. Kari Kelly Deborah Shinbein YOU CAN T OUTSOURCE COMPLIANCE! Various statutes and regulations govern

More information

Navigating the Waters of Incident Response and Recovery

Navigating the Waters of Incident Response and Recovery Navigating the Waters of Incident Response and Recovery Lee Kim, Esq. Tucker Arensberg, P.C. CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 2013 Lee Kim

More information

LIGC-ACC Presentation November 9, 2015

LIGC-ACC Presentation November 9, 2015 Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator

More information

Cyber Risk in Healthcare AOHC, 3 June 2015

Cyber Risk in Healthcare AOHC, 3 June 2015 Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1 Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of

More information

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

The Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed

The Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed The Ethical Implications of NSA Surveillance for Lawyers David G. Ries Clark Hill Thorp Reed 2 3 The June 2013 Headlines: NSA collecting phone records of millions of Verizon customers daily The Guardian,

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

Protecting. Personal Information A Business Guide. Division of Finance and Corporate Securities

Protecting. Personal Information A Business Guide. Division of Finance and Corporate Securities Protecting Personal Information A Business Guide Division of Finance and Corporate Securities Oregon Identity Theft Protection Act Collecting, keeping, and sharing personal data is essential to all types

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Cybersecurity: Promoting Prevention and Resilience Steven Chabinsky William Ridgway Marcus Christian James Woods General

More information

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015 Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery

More information

CYBER READINESS FOR FINANCIAL INSTITUTIONS

CYBER READINESS FOR FINANCIAL INSTITUTIONS CYBER READINESS FOR FINANCIAL INSTITUTIONS Are You Prepared for Your Eventual Cyber Breach? April 15, 2015 Section one STRENGTHENING CYBER RISK MANAGEMENT Earl Crane, PhD, CISSP ecrane@promontory.com www.linkedin.com/in/earlcrane

More information

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors

How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in

More information

IT Security & Compliance Risk Assessment Capabilities

IT Security & Compliance Risk Assessment Capabilities ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased

More information

The Practical Realities of Cybersecurity

The Practical Realities of Cybersecurity & present The Practical Realities of Cybersecurity Best practices for crafting policies and procedures to protect your company Andrew Morentz, Member Telecommunications Law Professionals PLLC email amorentz@telecomlawpros.com

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked R. Mark Halligan, FisherBroyles, LLP Andreas Kaltsounis, Stroz Friedberg Amy L. Carlson, Stoel Rives LLP Moderated by David A. Bateman,

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

Data Breaches, Hacks and Vulnerabilities: Leading Strategies for Responding to a Data Breach

Data Breaches, Hacks and Vulnerabilities: Leading Strategies for Responding to a Data Breach Data Breaches, Hacks and Vulnerabilities: Leading Strategies for Responding to a Data Breach Presented by: S. Ashlie Beringer, Karl G. Nelson, Alexander H. Southwell February 29, 2012 Agenda Data Security

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Protecting Your Employees from Identity Theft

Protecting Your Employees from Identity Theft Protecting Your Employees from Identity Theft Date: May 16, 2016 Presentation Outline Data breach Identity Theft Impact on public employers, employees Risk management considerations GALLAGHER BENEFIT SERVICES,

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

Cyberinsurance: Insuring for Data Breach Risk

Cyberinsurance: Insuring for Data Breach Risk View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL

More information

WELCOME. Data Security Seminar November 7, 2012

WELCOME. Data Security Seminar November 7, 2012 WELCOME Data Security Seminar November 7, 2012 Data Security Seminar Technology, Legal and Risk Management Roundtable November 7, 2012 Chris Watson, MBA, CISA, CRISC Internal Audit and Risk Advisory Services

More information

Major Legal Trends for 2015. Just Like 2014 Except More So. Charles Engros

Major Legal Trends for 2015. Just Like 2014 Except More So. Charles Engros Major Legal Trends for 2015 Just Like 2014 Except More So Charles Engros January 15, 2015 1 Major Legal Trends for 2015 SHAREHOLDER ACTIVISM SELLER S MARKET IN M&A DATA PROTECTION & PRIVACY Morgan, Lewis

More information

Managing data security and privacy risk of third-party vendors

Managing data security and privacy risk of third-party vendors Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information